package top.lbqaq.servlet;

import com.mysql.cj.util.StringUtils;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.sql.*;
import java.util.Date;

/**
 * @author luoboQAQ
 * @Date 2021/12/9
 */
@WebServlet(name = "ThirdServlet", value = "/3")
public class ThirdServlet extends HttpServlet {

    private static final String DRIVER = "com.mysql.cj.jdbc.Driver";
    private static final String URL = "jdbc:mysql://localhost:3306/web?serverTimezone=Asia/Shanghai&characterEncoding=utf-8";
    private static final String USERNAME = "root";
    private static final String PASSWORD = "root";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        Connection connection = null;
        String username = req.getParameter("username");
        String password = req.getParameter("password");
        if (StringUtils.isNullOrEmpty(username) || StringUtils.isNullOrEmpty(password)) {
            req.setAttribute("msg", "用户名或密码不能为空！");
            req.getRequestDispatcher("/1-4.jsp").forward(req, resp);
            return;
        }
        try {
            Class.forName(DRIVER);
            connection = DriverManager.getConnection(URL, USERNAME, PASSWORD);
        } catch (Exception e) {
            e.printStackTrace();
        }
        String dbPassword = null;
        Date dbDate = null;
        Date nowDate = new Date();
        int dbErrorTime = 0;
        if (connection != null) {
            String sql = "select * from user where name=?";
            PreparedStatement pstm = null;
            ResultSet rs = null;
            try {
                pstm = connection.prepareStatement(sql);
                pstm.setObject(1, username);
                rs = pstm.executeQuery();
                if (rs.next()) {
                    dbPassword = rs.getString("password");
                    dbDate = new Date(rs.getTimestamp("time").getTime());
                    dbErrorTime = rs.getInt("error_count");
                } else {
                    req.setAttribute("msg", "用户不存在！");
                    req.getRequestDispatcher("/1-4.jsp").forward(req, resp);
                    return;
                }
            } catch (SQLException e) {
                e.printStackTrace();
            }
        } else {
            req.setAttribute("msg", "数据库连接失败！");
            req.getRequestDispatcher("/1-4.jsp").forward(req, resp);
            return;
        }
        if (dbErrorTime >= 3) {
            if (dbDate.after(nowDate)) {
                req.setAttribute("msg", "您被禁止登录！");
                req.getRequestDispatcher("/1-4.jsp").forward(req, resp);
                return;
            } else {
                dbErrorTime = 0;
            }
        }
        boolean isEqual = password.equals(dbPassword);
        if (!isEqual) {
            req.setAttribute("msg", "密码错误！");
            dbErrorTime += 1;
            if (dbErrorTime >= 3) {
                nowDate.setTime(nowDate.getTime() + 1 * 60 * 1000);
            }
        } else {
            dbErrorTime = 0;
            req.setAttribute("msg", "登录成功！");
        }
        try {
            PreparedStatement pstm = connection.prepareStatement("update user set time=?,error_count=? where name=?");
            pstm.setObject(1, nowDate);
            pstm.setObject(2, dbErrorTime);
            pstm.setObject(3, username);
            pstm.execute();
        } catch (SQLException e) {
            e.printStackTrace();
        }
        req.getRequestDispatcher("/1-4.jsp").forward(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}
